<?php

declare(strict_types=1);

namespace App\Services\TenantConfiguration;

use App\Support\TenantConfiguration\CanonicalKeyKind;
use App\Support\TenantConfiguration\IdentityState;

final class CanonicalIdentityResult
{
    /**
     * @param  array<string, mixed>  $sourceIdentity
     * @param  array<string, mixed>  $secondaryKeys
     * @param  array<string, mixed>  $diagnostics
     */
    public function __construct(
        public readonly string $strategyIdentifier,
        public readonly IdentityState $identityState,
        public readonly CanonicalKeyKind $keyKind,
        public readonly string $canonicalResourceKey,
        public readonly string $sourceResourceId,
        public readonly array $sourceIdentity,
        public readonly array $secondaryKeys,
        public readonly array $diagnostics,
        public readonly bool $derivedClaimsAllowed = false,
    ) {}

    public function fingerprint(): string
    {
        $fingerprint = $this->sourceIdentity['fingerprint'] ?? null;

        return is_string($fingerprint) && $fingerprint !== ''
            ? $fingerprint
            : hash('sha256', json_encode($this->sourceIdentity, JSON_THROW_ON_ERROR));
    }

    public function candidateKeyHash(): string
    {
        $candidateKeyHash = $this->sourceIdentity['candidate_key_hash'] ?? null;

        return is_string($candidateKeyHash) && $candidateKeyHash !== ''
            ? $candidateKeyHash
            : $this->fingerprint();
    }

    public function withCanonicalResourceKey(string $canonicalResourceKey): self
    {
        return new self(
            strategyIdentifier: $this->strategyIdentifier,
            identityState: $this->identityState,
            keyKind: $this->keyKind,
            canonicalResourceKey: $canonicalResourceKey,
            sourceResourceId: $this->sourceResourceId,
            sourceIdentity: $this->sourceIdentity,
            secondaryKeys: $this->secondaryKeys,
            diagnostics: $this->diagnostics,
            derivedClaimsAllowed: $this->derivedClaimsAllowed,
        );
    }

    /**
     * @param  array<string, mixed>  $diagnostics
     */
    public function asConflict(string $canonicalResourceKey, array $diagnostics): self
    {
        return new self(
            strategyIdentifier: $this->strategyIdentifier,
            identityState: IdentityState::IdentityConflict,
            keyKind: $this->keyKind,
            canonicalResourceKey: $canonicalResourceKey,
            sourceResourceId: $this->sourceResourceId,
            sourceIdentity: $this->sourceIdentity,
            secondaryKeys: $this->secondaryKeys,
            diagnostics: array_replace_recursive($this->diagnostics, $diagnostics),
            derivedClaimsAllowed: false,
        );
    }
}